Level 20¶
Login in as bandit20 and the password.
There is a setuid binary in the homedirectory that does the following: it makes a connection to localhost on the port you specify as a commandline argument. It then reads a line of text from the connection and compares it to the password in the previous level (
bandit20). If the password is correct, it will transmit the password for the next level (bandit21).
bandit20@bandit:~$ ls suconnect bandit20@bandit:~$ ./suconnect Usage: ./suconnect <portnumber> This program will connect to the given port on localhost using TCP. If it receives the correct password from the other side, the next password is transmitted back.
What I have to do is use nc to setup a TCP server that will send the current password, and the listen for the response. I look at the nc man page to see how it is used. I have to start it in the background with & so that I can start the binary at the same time.
bandit20@bandit:~$ cat /etc/bandit_pass/bandit20 | nc -lp 34675 & [1] 5398 bandit20@bandit:~$ ./suconnect 34675 Read: GbKksEFF4yrVs6il55v6gwY5aVje5f0j Password matches, sending next password gE269g2h3mw3pwgrj0Ha9Uoqen1c9DGr [1]+ Done cat /etc/bandit_pass/bandit20 | nc -lp 34675 bandit20@bandit:~$